Strong Customer Authentication (SCA) is a new European requirement created to make online payments more secure. When a European shopper makes a payment, extra levels of authentication will be required at the time of the transaction. If you are having an E-commerce website, you are dealing with the online transactions. It is a necessary thing to have a strong and authenticate your Payment gateway for you and your end users.

The majority of online transactions will be covered under SCA. PSD2 has made it mandatory for service providers to facilitate SCA. PSD2 requires SCA when the following situations arise:

Accessing payment accounts online

Initiating electronic transactions

Any action carried out through a remote channel that presents a risk of payment fraud.

SCA is more than just entering a password. Authentication must include two or more of the following:

Something you know (e.g Password, Pin)

Something you have (Mobile phone, Wearable device)

Something you are (Fingerprint, facial features)

It will be compulsory to use Strong Customer Authentication in Europe Economic Area from 14 September 2019.

If You are using PayPal Pro direct to accept card payments on your website, you’ll need to update your payment integration to meet the card issuer's PSD2 obligations.

PayPal enables access to account use cases for TPPs through PayPal’s REST stack. Through PayPal's reliable and proven APIs, TPPs can access the same PayPal systems that power all of PayPal's merchant and consumer experiences.

Integration steps for PayPal Pro Direct

1. Register with CardinalCommerce

Before you can use Cardinal Cruise to obtain cardholder authentication, you must register with CardinalCommerce. After you have registered, CardinalCommerce acknowledges your 3-D Secure registration by sending you an email and welcome pack, which includes information about next steps and links for downloading their documentation.

2. Integrate Cardinal Cruise Standard

A Cardinal Cruise integration consists of a JavaScript file called Songbird.js, JSON Web Tokens (JWT) for client authentication, JSON objects to pass from your merchant front-end environment to Cardinal, and event handlers to know when events have completed.